summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2000-10-14 12:19:46 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2000-10-14 12:19:46 +0000
commitf05c5cb553223bf99828b18f9cfcba5a7ae401a1 (patch)
tree7d468da343bd7a89be2061c06231c2639bcb923a
parent8fa01f932bd0a82e3001764a2ce87bd26b9d2afe (diff)
do not send RSA challenge if key is not allowed by key-options; from eivind@ThinkSec.com
-rw-r--r--usr.bin/ssh/auth-rsa.c13
1 files changed, 9 insertions, 4 deletions
diff --git a/usr.bin/ssh/auth-rsa.c b/usr.bin/ssh/auth-rsa.c
index 522f01f84cb..e8bfa16510c 100644
--- a/usr.bin/ssh/auth-rsa.c
+++ b/usr.bin/ssh/auth-rsa.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.31 2000/10/11 19:59:52 markus Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.32 2000/10/14 12:19:45 markus Exp $");
#include "rsa.h"
#include "packet.h"
@@ -231,6 +231,12 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
}
} else
options = NULL;
+ /*
+ * If our options do not allow this key to be used,
+ * do not send challenge.
+ */
+ if (!auth_parse_options(pw, options, linenum))
+ continue;
/* Parse the key from the line. */
if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) {
@@ -269,9 +275,8 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
* Break out of the loop if authentication was successful;
* otherwise continue searching.
*/
- authenticated = auth_parse_options(pw, options, linenum);
- if (authenticated)
- break;
+ authenticated = 1;
+ break;
}
/* Restore the privileged uid. */